Monday, July 20, 2009

A "Good Exploit"

Today I was reading this article about how Microsoft changed its Internet Explorer 8 installation wizard to not change the default browser without explicit consent from the user. The article muses about why Microsoft might have done this given the fact that Microsoft is in legal trouble in the EU for related issues and that many organizations disagreed with this tactic.

I was wondering how Microsoft would feel if the other browsers pulled stunts like this against them. Well, this got me thinking. I have always thought that it would be cool to improve people's computers without their consent. That is, write an exploit that benefits the user being "exploited".

I have heard of someone trying to do this before, although I cannot find any link about it now. From what I can remember, someone tried to write an exploit that gained control of a system through a vulnerability, but then tried to fix that vulnerability so that no one else could gain access in the same way. Unfortunately, ...and as usual..., this exploit was not perfect and made some computers worse off instead of better.

Now I know that this is not within the spirit of free and open source software (FOSS), but I think it would be really funny if Microsoft got a taste of their own medicine using the above idea. Someone should write an exploit that (1) takes control of a user's system, (2) downloads and installs Firefox if it is not already installed, and (3) changes the default browser to Firefox.